Smart tablet shows a computer code

Three points on the importance of government and industry working together on cybersecurity

By: Kurt John, Chief Cybersecurity Officer of Siemens USA

The first law of physics states things in motion will stay in motion unless acted upon by an external force. Except imagine in this case that it’s a nefarious hacking campaign bringing everyday routines and operations to a standstill.

As the chief cybersecurity officer for Siemens USA, I’m often asked what we should do about these attacks. How do we prevent bad actors from compromising systems and data? What should our toolbox of cybersecurity technologies look like? Is anything safe anymore?

The good news is that we’re seeing a concentrated effort across the public and private sectors to answer those questions. This year’s cyberattacks have prompted strong support for measures that protect national interests and business operations alike. At the federal level, the Biden Administration issued an executive order to strengthen the nation’s cybersecurity, and Congress has included resiliency against cyberattacks in its infrastructure priorities.

Our work at Siemens not only fits into, but can help sharpen, the national focus on cybersecurity in a couple of ways. First, we’re a technology company transforming industry and infrastructure by helping to drive increasing connectivity to the digital world. This work, whether it’s with government partners or our customers around the world, depends on layered and resilient cyber protections. It’s built on trust that we are constantly orienting our ecosystem to secure data. And it’s why you’ll find more than 1,200 cybersecurity experts on our team globally, building on our 30-plus years of cybersecurity expertise.

We’re a technology company transforming industry and infrastructure by helping to drive increasing connectivity to the digital world. This work, whether it’s with government partners or our customers around the world, depends on layered and resilient cyber protections.

Second, a few years ago, we recognized the need for companies and organizations to champion cyber protections collectively; otherwise, these attacks could deter digital transformation. So we founded a Charter of Trust with likeminded partners around robust principles and standards for protecting data, preventing damage and building the confidence that’s essential to our digital future.

When it comes to securing our critical infrastructure, the reality is that we need to be consistent across industry and government. We need rigorous risk mitigation and response that extends throughout the entire public-private ecosystem. And the only way to do that is to prioritize opportunities where we can work together. I’ll share three points related to this mindset and our approach at Siemens.

  • It’s impossible to address every cyber risk alone. Instead, the thinking should be, I need to know what others are seeing to protect my resources, and they need to know what I’m seeing to protect theirs. We need to be talking to each other. Experts at Siemens contribute to over 535 Computer Emergency Response Teams (CERT) globally, 98 of which are in the United States, and we regularly engage with governmental organizations, including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). We’re also driving innovative strategies and cross-sector collaboration with a Cyber Test Range at our R&D headquarters in Princeton, New Jersey. There, the mobile lab for customers, educators and partners simulates attack conditions so vulnerabilities in critical infrastructure can be identified and emerging technologies can be tested.

  • Outcomes matter. We can’t ignore the fact that cybersecurity is directly connected to competitiveness. Expecting threats and preparing for them have to be part of normal day-to-day operations for both governments and companies. For us, the cyber protections that enable our business also enable our customers’ businesses. So we’re thinking holistically as we harmonize cyber protections across operational technology and informational technology in critical infrastructure. We integrate cybersecurity into our products and services, and we offer Trusted Traceability capabilities to help secure manufacturing supply chains. We’re embracing a philosophy of zero trust, in which authentication is repeatedly required. And we’re encouraged by the rise of machine learning and other technologies to flag suspicious behavior and address threats quicker than any human could.

  • Cyber is a people issue as much as it is a technical one. The promise of our advanced tools for cyber depends on the people who will be working with them. The challenges have only grown, as remote work connects organizations on scattered networks. Cybercrime is expected to cost more than $6 trillion just this year. Combine that with the millions of cybersecurity job openings and the writing on the wall becomes pretty clear that we need the public and private sectors working to help close the talent gap. Vocational and nontraditional pathways could connect more people to these good-paying and purpose-driven careers.

When it comes to strengthening our national posture on cybersecurity, what we can achieve together across government and business will be greater than what we can achieve on our own. And that raises another concept from the laws of physics: momentum. Let’s not slow down. Let’s make this a time of accelerated collaboration and action.

Published: October 29, 2021